The United States, Japan, and South Korea have issued warnings against North Korean threat actors who are actively and aggressively targeting the crypto industry. In a joint advisory, the three countries said threat groups affiliated with the Democratic People’s Republic of Korea (DPRK) continue to carry out numerous cybercrime campaigns to steal virtual currencies. These bad actors, including the hacker group Lazarus, which the US believes has been conducting cyberattacks around the world since 2009, are targeting “exchanges, digital asset managers, and individual users.” And apparently, they stole $659 million in crypto assets in 2024 alone.
North Korean hackers are using “well-disguised social engineering attacks” to infiltrate target systems, the countries said. They also warned that attackers could pose as freelance IT workers and gain access to systems owned by the private sector. In 2022, the United States issued guidelines on how to identify potential workers from North Korea. For example, they typically log in from multiple IP addresses, transfer money to accounts based in the People’s Republic of China, or request payments in cryptocurrencies. They may also give conflicting background information and are sometimes unreachable during expected business hours.
Once attackers gain entry, they typically deploy malware such as keyloggers and remote access tools to steal login credentials and ultimately steal virtual currency that they can manage and sell. As for where the stolen funds go, the United Nations released a report in 2022 revealing investigators’ findings that North Korea is using funds stolen by coordinated threat actors for its missile program. “Our three governments are committed to preventing North Korea’s theft, including from private industry, and redirecting stolen funds, with the ultimate goal of preventing North Korea from illicit proceeds for its illicit weapons of mass destruction and ballistic missile programs. We are working together to recover them,” the US, Japan, and South Korea said.
